[Samba] Access Windows files with individual user credentials

Stefan Kania stefan at kania-online.de
Tue Mar 15 07:49:31 UTC 2016


On 15.03.2016 at 00:17, B Martin wrote:
> Dear fellow Samba fans,
> 
> This seems like a blatantly obvious need, but I'm not finding
> anything in the Samba literature addressing it.  Maybe my search-fu
> is just failing me.
> 
> I have a collection of Linux machines with multiple simultaneous
> users. The Linux machines are all running Samba 4.1.7, compiled
> from the source since my distro (CentOS 6.6) isn't that current.
> We are operating in a Windows A/D domain via Winbind, and
> everything in that area seems to be working great.  Linux can see
> all the user accounts, knows their group memberships, etc., and
> their Windows login passwords work fine on the Linux boxes.
> 
> The Linux users want to access Windows network shares, which I
> currently implement using the automounter and a bit of code
> commonly floating around the Internet to mount it via smbclient.
> The problem with this approach is that smbclient needs login
> credentials at the time it sets up the mount.  Everyone using that
> mount is then being treated as if they were using the same login
> credentials.  They don't gain their own individual access rights to
> files on the Windows share.  That's been OK so far, but the users
> are becoming more sophisticated in this environment and now need
> more sophisticated access controls.
> 
> As I think about this, it seems to me that my current
> implementation is modeling the Windows drive mapping function,
> where the credentials are checked at the time the drive is
> accessed, and remain constant for the entire machine even if
> another user logs into it.  What I really want is something that is
> similar to Windows UNC access, in which as I understand it,
> credentials are checked on each file open based on the particular
> user that is trying to open the file.  This is obviously a far more
> flexible, sophisticated approach that gives Linux users 
> fine-grained access to files just like they would have if
> connecting from a Windows client.
> 
> I can't really believe this has never been discussed before, but
> I'm not finding it.  Can someone please point me in the right
> direction?
> 
> Thanks everyone.
> 
> -Brian
> 
I use pam_mount for mounting Samba shares on a Linux client.



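A minimal pam_mount configuration illustrating the approach named in the reply, as an added example that is not part of the original thread and not the poster's own configuration. The server name, share name and mountpoint are placeholders, and it assumes pam_mount.so is already enabled in the PAM auth and session stacks of the login service.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE pam_mount SYSTEM "pam_mount.conf.xml.dtd">
<!-- /etc/security/pam_mount.conf.xml (added example, placeholder names) -->
<pam_mount>

  <!--
    One CIFS mount per login session. pam_mount hands the password the
    user just authenticated with to mount.cifs, so the file server sees
    that user's own account and applies that user's ACLs, instead of one
    shared credential set on a machine-wide mount.

    No password or credentials file is stored in this file.
  -->
  <volume user="*"
          fstype="cifs"
          server="fileserver.example.com"
          path="projects"
          mountpoint="/home/%(USER)/projects"
          options="nosuid,nodev,dir_mode=0700,file_mode=0600" />
  <!--
    mountpoint: inside the user's own home directory, so another local
      user cannot walk into a mount authenticated as someone else.
    dir_mode/file_mode: local permission bits limited to the owner when
      the server does not supply Unix permissions.
    nosuid,nodev: do not honour setuid bits or device nodes that appear
      on the remote share.
  -->

  <!-- Create the mountpoint at login and remove it again at logout. -->
  <mkmountpoint enable="1" remove="true" />

</pam_mount>
```

The volume is unmounted when the user's last session closes, so a later login by a different user gets a separate mount under that user's own credentials.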


